{"id":1205,"date":"2012-02-24T23:53:42","date_gmt":"2012-02-24T19:53:42","guid":{"rendered":"http:\/\/sandalov.org\/blog\/?p=1205"},"modified":"2012-04-12T12:57:46","modified_gmt":"2012-04-12T08:57:46","slug":"ssh-through-http-proxy","status":"publish","type":"post","link":"https:\/\/sandalov.org\/blog\/1205\/","title":{"rendered":"SSH through HTTP proxy"},"content":{"rendered":"<p>This article explains how to connect to an ssh server located on the internet from a local network protected by a firewall through an HTTPS proxy.<\/p>\n<p>Requirements are:<\/p>\n<ul>\n<li>\n<div>Your firewall has to allow HTTPS connections through a proxy<\/div>\n<\/li>\n<li>\n<div>You need to have root access to the server where ssh is listening<\/div>\n<\/li>\n<\/ul>\n<h2><a id=\"configure_the_ssh_server\" name=\"configure_the_ssh_server\"><\/a>Configure the ssh server<\/h2>\n<div>\n<p>The ssh daemon needs to listen on port 443. To accomplish this, edit the file <code>\/etc\/ssh\/sshd_config<\/code> (its path on a Debian system) and add this line:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">Port 443<\/pre>\n<p>Then restart the daemon:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">sudo \/etc\/init.d\/ssh restart<\/pre>\n<\/div>\n<h2><a id=\"configure_the_client\" name=\"configure_the_client\"><\/a>Configure the client<\/h2>\n<div>\n<p>I assume you are on a Linux system (Debian, for example). 
First you have to compile the <a title=\"http:\/\/www.meadowy.org\/~gotoh\/projects\/connect\" href=\"http:\/\/www.meadowy.org\/%7Egotoh\/projects\/connect\">connect binary<\/a>, which lets your ssh client use proxies (HTTPS in our case). Then you have to configure your ssh client to use the HTTPS proxy when it connects to your ssh server.<\/p>\n<ol>\n<li>\n<div>Install the <code><a title=\"http:\/\/www.meadowy.org\/~gotoh\/projects\/connect\" href=\"http:\/\/www.meadowy.org\/%7Egotoh\/projects\/connect\">connect<\/a><\/code> software:<\/div>\n<ul>\n<li>\n<div>On a Debian system, just install the <code>connect-proxy<\/code> package:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">sudo apt-get install connect-proxy<\/pre>\n<\/div>\n<\/li>\n<li>\n<div>On other Linux systems, you have to compile it:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">cd \/tmp\/\r\nwget http:\/\/www.meadowy.org\/~gotoh\/ssh\/connect.c\r\ngcc connect.c -o connect\r\nsudo cp connect \/usr\/local\/bin\/ ; sudo chmod +x \/usr\/local\/bin\/connect<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>Configure your ssh client. 
Open or create your <code>~\/.ssh\/config<\/code> file and add these lines:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">## Outside of the firewall, with HTTPS proxy\r\nHost my-ssh-server-host.net\r\n  ProxyCommand connect -H proxy.free.fr:3128 %h 443\r\n## Inside the firewall (do not use proxy)\r\nHost *\r\n   ProxyCommand connect %h %p<\/pre>\n<\/div>\n<\/li>\n<li>\n<div>Then pray and test the connection:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">ssh my-ssh-server-host.net<\/pre>\n<\/div>\n<\/li>\n<\/ol>\n<\/div>\n<h2><a id=\"ssh_to_another_server_through_the_tunnel\" name=\"ssh_to_another_server_through_the_tunnel\"><\/a>SSH to another server through the tunnel<\/h2>\n<p>For example, to connect to <code>github.com<\/code> over ssh:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">Host github.com\r\n  ProxyCommand=ssh my-ssh-server-host.net &quot;\/bin\/nc -w1 %h %p&quot;<\/pre>\n<p>Credits: <a href=\"http:\/\/www.zeitoun.net\/articles\/ssh-through-http-proxy\/start\" target=\"_blank\">zeitoun.net<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article explains how to connect to an ssh server located on the internet from a local network protected by a firewall through an HTTPS proxy. 
Requirements are: Your firewall has to allow HTTPS connections through a proxy You need to have root access to the server where ssh &hellip; <a class=\"continue-reading-link\" href=\"https:\/\/sandalov.org\/blog\/1205\/\"> Continue reading <span class=\"meta-nav\">&rarr; <\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1205","post","type-post","status-publish","format-standard","hentry","category-unsorted"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/posts\/1205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/comments?post=1205"}],"version-history":[{"count":8,"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/posts\/1205\/revisions"}],"predecessor-version":[{"id":1258,"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/posts\/1205\/revisions\/1258"}],"wp:attachment":[{"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/media?parent=1205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/categories?post=1205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sandalov.org\/blog\/wp-json\/wp\/v2\/tags?post=1205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}